Role Assignment Precedence for SIP Servlet Roles

Converged Application Server provides several ways to map sip.xml roles to actual roles in the SIP Container during deployment. For declarative and programmatic security defined in sip.xml, the order of precedence for role assignment is:

  1. If weblogic.xml assigns a sip.xml role in a security-role-assignment element, the security-role-assignment is used.

    Note:

    Converged Application Server also requires a role definition in web.xml in order to use a security-role-assignment. See "Important Requirements".

  2. If no security-role-assignment is available (or if the required web.xml role assignment is missing), implicit role assignment is used.

For run-as role assignment, the order of precedence for role assignment is:

  1. If weblogic.xml assigns the sip.xml deployment descriptor's run-as role in a run-as-principal-name element defined within servlet-descriptor, the run-as-principal-name assignment is used.

    Note:

    Converged Application Server also requires a role definition in web.xml in order to assign roles with run-as-principal-name. See "Important Requirements".

  2. If weblogic.xml assigns the sip.xml deployment descriptor's run-as role in a run-as-role-assignment element, the run-as-role-assignment element is used.

    Note:

    Converged Application Server also requires a role definition in web.xml in order to assign roles with run-as-role-assignment. See "Important Requirements".

  3. If weblogic.xml assigns the sip.xml deployment descriptor's run-as role in a security-role-assignment element, the security-role-assignment is used.

    Note:

    Converged Application Server also requires a role definition in web.xml in order to use a security-role-assignment. See "Important Requirements".

  4. If no security-role-assignment is available (or if the required web.xml role assignment is missing), implicit role assignment is used.